<?php
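session_start(); // Resume the session so the login state below can be read

// Access gate: only a logged-in user whose session carries the 'Admin' permission may use this page.
// isset() on both keys avoids a notice when the permission is absent, and === avoids PHP's
// loose-comparison rules (under PHP 5 an integer 0 compares equal to 'Admin' with ==).
if (isset($_SESSION['userNum'], $_SESSION['voter_permission']) && $_SESSION['voter_permission'] === 'Admin') {
    $userNum   = $_SESSION['userNum'];
    $pageTitle = $_SESSION['title'];
    // NOTE(review): the database host, user name and password are read from the session here, so
    // they are kept wherever session data is stored. Loading them from a server-side configuration
    // file would keep the credentials out of the session store. Confirm where they are written.
    $server = $_SESSION['server'];
    $user   = $_SESSION['user'];
    $pass   = $_SESSION['pass'];
    $db     = $_SESSION['db'];

    // Compare the browser's session id with the one recorded for this user in the database.
    $browserSid      = isset($_SESSION['sid']) ? $_SESSION['sid'] : '';
    $ifLoginIsSingle = checkSessionID($browserSid, $userNum, $server, $user, $pass, $db);

    // checkSessionID() returns the strings "True" / "False"; anything other than "True" is rejected.
    if ($ifLoginIsSingle !== "True") {
        session_destroy();
        header('Location: home.php');
        // header() only queues the redirect. Without exit the rest of this script, including the
        // INSERT/UPDATE/DELETE handlers below, would still run for the rejected request.
        exit;
    }
} else {
    header('Location: home.php'); // Not an admin session: send the user home
    exit;                         // ...and stop, so no admin action below executes
}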

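// Dispatch on the submitted admin action.
//   - "Edit Position" / "Add Position" / "Remove Position" only select which form is rendered later ($case).
//   - "Create Position" / "Delete Position" / "Submit new Info" change the database.
//
// Every request value that reaches SQL is neutralised first: pos_num is forced to an integer and
// text values go through mysql_real_escape_string(), which needs the open connection and is
// therefore called after mysql_connect(). The mysql_* extension used throughout this file was
// removed in PHP 7; prepared statements via mysqli or PDO are the durable fix when the file is ported.
//
// NOTE(review): nothing in this block re-checks that the request passed the admin check; it depends
// on the script having stopped for rejected requests before reaching here - confirm.
// NOTE(review): the state-changing actions are accepted on the session cookie alone; no per-form
// anti-CSRF token is visible in this file.
// NOTE(review): die(mysql_error()) prints database error text to the browser; logging it
// server-side and showing a generic message would avoid exposing schema details.
$editAction = isset($_POST['editAction']) ? $_POST['editAction'] : '';
$case = ''; // default: the page renders the position list

if ($editAction == "Edit Position") {
    $case = "case1";
} else if ($editAction == "Add Position") {
    $case = "case2";
} else if ($editAction == "Create Position") {

    mysql_connect($server, $user, $pass) or die(mysql_error());
    mysql_select_db($db) or die(mysql_error());

    $posNameSql      = mysql_real_escape_string(isset($_POST['posName']) ? $_POST['posName'] : '');
    $posVoteLimitSql = mysql_real_escape_string(isset($_POST['posVoteLimit']) ? $_POST['posVoteLimit'] : '');

    mysql_query("INSERT INTO positions (pos_name,pos_vote_limit,pos_close_vote) VALUES ('".$posNameSql."','".$posVoteLimitSql."','1')");
    $case = "case3";

} else if ($editAction == "Remove Position") {

    $case = "case4";

} else if ($editAction == "Delete Position") {

    mysql_connect($server, $user, $pass) or die(mysql_error());
    mysql_select_db($db) or die(mysql_error());

    // pos_num is used unquoted in these statements, so escaping alone would not be enough:
    // the value is cast to an integer before it is concatenated.
    $posNumSql = isset($_POST['posNum']) ? (int) $_POST['posNum'] : 0;

    mysql_query("delete from positions where pos_num =".$posNumSql);
    mysql_query("delete from candidates where Cand_Pos =".$posNumSql);
    header("Location: posEdit.php");
    exit; // stop here so the page body is not rendered behind the redirect

} else if ($editAction == "Submit new Info") {

    mysql_connect($server, $user, $pass) or die(mysql_error());
    mysql_select_db($db) or die(mysql_error());

    $posNameSql      = mysql_real_escape_string(isset($_POST['posName']) ? $_POST['posName'] : '');
    $posVoteLimitSql = mysql_real_escape_string(isset($_POST['posVoteLimit']) ? $_POST['posVoteLimit'] : '');
    $posNumSql       = isset($_POST['posNum']) ? (int) $_POST['posNum'] : 0;

    mysql_query("UPDATE positions SET pos_vote_limit =  '".$posVoteLimitSql."', pos_name = '".$posNameSql."' WHERE pos_num = '".$posNumSql."'");
    header('Location: posEdit.php');
    exit; // stop here so the page body is not rendered behind the redirect
}
// The original chain ended with a second "Add Position" branch that could never be reached
// (the same value is matched earlier) and only opened a connection; it has been dropped.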
?>
<html>
<head>
<title>Edit Positions - <?php echo $pageTitle ?></title>
<?php include('showIcon.php'); ?>
</head>
<body style="background-image:url('images/bg_blue.jpg')">
<div style="position:absolute;left:75px;top: 0px">
<font face = "Arial">
<table style="width: 810px; height: 104px" border="0" cellspacing="0" cellpadding="0" >
<?php include("menuButtons.php"); ?>
</table>
<table style="width: 810px;" cellspacing="0" cellpadding="0" >
<tr>
<td style="height: 76px; width: 28px;"></td>
<td style="height: 76px" width="808px">
<?php

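// Render the form that matches $case (chosen by the action dispatch at the top of the file).
//
// Everything that originates from the request or from the database is HTML-escaped before it is
// echoed. ENT_QUOTES is required because the attributes below are delimited with single quotes,
// which htmlspecialchars() leaves untouched by default. pos_num is forced to an integer, which
// makes it safe both in the hidden fields and in the SQL count query.
// NOTE(review): htmlspecialchars() is called with its default charset - confirm it matches the page encoding.
$case             = isset($case) ? $case : '';
$posNameHtml      = htmlspecialchars(isset($_POST['posName']) ? $_POST['posName'] : '', ENT_QUOTES);
$posVoteLimitHtml = htmlspecialchars(isset($_POST['posVoteLimit']) ? $_POST['posVoteLimit'] : '', ENT_QUOTES);
$posNumInt        = isset($_POST['posNum']) ? (int) $_POST['posNum'] : 0;

if ($case == "case1") {

    // Edit form, pre-filled with the values posted from the position list.
    echo "<h2><br>Edit ".$posNameHtml."</h2>";

    echo "<form action='posEdit.php' method='POST'>";
    echo "<table width='400px'>";
    echo "<tr><td style='width: 108px;background-color:silver' ><font color ='white'>Position Name</font></td>";
    echo "<td style='background-color:white'><input type='text' name='posName' value = '".$posNameHtml."'></td></tr>";
    echo "<tr><td style='width: 108px;background-color:silver'><font color ='white'>Vote Limit</font></td>";
    echo "<td style='background-color:white'><input type='text' name='posVoteLimit' value='".$posVoteLimitHtml."'></td>";
    echo "</tr><tr><td ><input type='hidden' name='posNum' value = '".$posNumInt."'></td><td align='right' style='background-color:#CCCC99;border: 1px solid #000000'>";
    echo "<input style='background-color:lime' type='submit' name = 'editAction' value='Submit new Info'>";
    echo "</td></tr>";
    echo "</table><br>";
    echo "</form>";

} else if ($case == "case2") {

    // Empty form for creating a position.
    echo "<h2><br>Create new Position</h2>";

    echo "<form action='posEdit.php' method='POST'>";
    echo "<table width='400px'>";
    echo "<tr><td style='width: 108px;background-color:silver' ><font color ='white'>Position Name</font></td>";
    echo "<td style='background-color:white'><input type='text' name='posName' value = ''></td></tr>";
    echo "<tr><td style='width: 108px;background-color:silver'><font color ='white'>Vote Limit</font></td>";
    echo "<td style='background-color:white'><input type='text' name='posVoteLimit' value=''></td>";
    echo "</tr><tr><td></td><td align='right' style='background-color:#CCCC99;border: 1px solid #000000'>";
    echo "<input style='background-color:lime' type='submit' name = 'editAction' value='Create Position'>";
    echo "</td></tr>";
    echo "</table><br>";
    echo "</form>";

} else if ($case == "case3") {

    // Confirmation shown after a position was inserted.
    echo "<br><strong>Position Successfully added </strong>-".$posNameHtml."<br><br>";
    echo "<a href='posEdit.php'>Continue</a>";

} else if ($case == "case4") {

    // Delete confirmation: warn when candidates are still attached to the position.
    echo "<h2><br>Do you want to remove this position?</h2>";
    mysql_connect($server, $user, $pass) or die(mysql_error());
    mysql_select_db($db) or die(mysql_error());
    $candPerPos = mysql_query("Select count(*) as 'Positions' from candidates where Cand_Pos = '".$posNumInt."'");
    $noOfCand = 0;
    // mysql_query() returns false on failure; skip the fetch in that case instead of warning.
    while ($candPerPos && ($count = mysql_fetch_array($candPerPos))) {
        $noOfCand = (int) $count['Positions'];
    }

    if ($noOfCand > 0) {
        echo "<br><font color = 'red'><strong>Warning</strong>- there are ".$noOfCand." candidates in this position </font>";
        echo "<br>All of these candidates will be deleted upon deletion of position";
        echo "<br>Do you want to continue deletion of this position?";
        echo "<br><font color = 'red' size = '1'>It is receommended to transfer candidates to another position to preserve information</font>";
    } else {
        echo "<br>Do you want to continue deletion of this position?";
    }

    echo "<br><br><form action='posEdit.php' method='POST'>";
    echo "<table width='400px'>";

    echo "<input type='hidden' name='posNum' value = '".$posNumInt."'>";

    echo "<tr><td style='width: 108px;background-color:silver' ><font color ='white'>Position Name</font></td>";
    echo "<td style='background-color:white'>".$posNameHtml."</td></tr>";
    echo "<tr><td style='width: 108px;background-color:silver'><font color ='white'>Vote Limit</font></td>";
    echo "<td style='background-color:white'>".$posVoteLimitHtml;
    echo "</td></tr>";
    // "1px esolid" in the original was not a valid border style; corrected to "solid".
    echo "<tr><td align='right' style='background-color:#CCCC99;height: 20px;border: 1px solid #000000' colspan = '2'>";
    echo "<input style='background-color:red' type='submit' name = 'editAction' value='Delete Position'></td></tr>";

    echo "</table><br>";
    echo "</form>";

} else {

    // Default view: one small form per position that is closed for voting (pos_close_vote = '1').
    echo "<h2><br>Edit Positions</h2><font size='1' color='red'>Warning - Positions opened for voting will have editing disabled</font><br><br>";
    mysql_connect($server, $user, $pass) or die(mysql_error());
    mysql_select_db($db) or die(mysql_error());
    $positions = mysql_query("Select * from positions where pos_close_vote='1'");
    while ($positions && ($posLine = mysql_fetch_array($positions))) {
        // Stored values were typed in by an administrator at some point; escape them on output so a
        // name containing markup or a quote cannot break out of the cell or the attribute.
        $rowNameHtml  = htmlspecialchars($posLine['pos_name'], ENT_QUOTES);
        $rowLimitHtml = htmlspecialchars($posLine['pos_vote_limit'], ENT_QUOTES);
        $rowNumHtml   = htmlspecialchars($posLine['pos_num'], ENT_QUOTES);

        echo "<form action='posEdit.php' method='POST'>";
        echo "<table width='400px'>";

        echo "<input type='hidden' name='posName' value = '".$rowNameHtml."'>";
        echo "<input type='hidden' name='posVoteLimit' value = '".$rowLimitHtml."'>";
        echo "<input type='hidden' name='posNum' value = '".$rowNumHtml."'>";

        echo "<tr><td style='width: 108px;background-color:#6666FF' ><font color ='white'>Position Name</font></td>";
        echo "<td style='background-color:#99ccFF'>".$rowNameHtml."</td></tr>";
        echo "<tr><td style='width: 108px;background-color:#6666FF'><font color ='white'>Vote Limit</font></td>";
        echo "<td style='background-color:#99ccFF'>".$rowLimitHtml."</td>";
        echo "</tr><tr><td ></td><td align='right' style='background-color:#CCCC99;border: 1px solid #000000'>";
        echo "<input type='image' name='editAction' value= 'Remove Position' src='images/remove.png' border='0' title='Remove the ".$rowNameHtml." position'/>";
        echo "<input type='image' name='editAction' value= 'Edit Position' src='images/add.png' border='0' title='Edit information about the ".$rowNameHtml." position'/>";
        echo "</td></tr>";
        echo "</table><br>";
        echo "</form>";
    }

    // The original opening tag was missing its closing '>', which swallowed the following <table> tag.
    echo "<form action='posEdit.php' method='POST'>";
    echo "<table><tr><td><input style='background-color:blue' type='submit' name = 'editAction' value='Add Position'></td></tr></table></form>";

}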
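// Function checkSessionID()
//  - Checks whether the session id recorded for the user in the database is the same as the
//    session id held by the browser. The caller logs the user out when it is not.
//
//  $sid     session id held by the browser session
//  $uname   the user's voter_num (looked up in the voters table)
//  $sver, $usr, $passwd, $dbase   database host, user, password and schema name
//
//  Returns the string "True" when the ids match and "False" otherwise (strings, not booleans,
//  because the caller compares against them).
function checkSessionID($sid,$uname,$sver,$usr,$passwd,$dbase){
    mysql_connect($sver,$usr,$passwd) or die(mysql_error());
    mysql_select_db($dbase) or die(mysql_error());

    // Escape the user number before it is placed inside the quoted SQL literal.
    $querySession = mysql_query("SELECT voter_current_session from voters WHERE voter_num = '".mysql_real_escape_string($uname)."'");

    // Start from "nothing found" so a missing row or a failed query cannot leave the variable
    // undefined; in the original an undefined value compared equal to an empty session id.
    $loggedSession = null;
    while ($querySession && ($sessionInDB = mysql_fetch_array($querySession))) {
        $loggedSession = $sessionInDB['voter_current_session'];
    }

    // Fail closed: no stored session, or no browser session id, is never a match.
    if ($loggedSession === null || $loggedSession === '' || $sid === null || $sid === '') {
        return "False";
    }

    // Compare as strings with ===. Loose == treats numeric-looking strings such as "0e123" and
    // "0e456" as equal, which must not happen for a session identifier.
    // The $sid argument is used here; the original read $_SESSION['sid'] directly, which is the
    // value the caller in this file passes in.
    if ((string) $sid === (string) $loggedSession) {
        return "True";
    }

    return "False";
}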
?>
</td>
</tr>
</table>
<br><br><br><br><br>
</div>
<?php include('bottomLinks.php'); ?>
</body>
</html>
